Spam Filter ISP Support Forum

  New Posts New Posts RSS Feed - Blacklists not working
  FAQ FAQ  Forum Search   Register Register  Login Login

Blacklists not working

 Post Reply Post Reply
Author
Tim View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote Tim Quote  Post ReplyReply Direct Link To This Post Topic: Blacklists not working
    Posted: 25 May 2006 at 7:33pm

After installing the latest evaluation version I have noticed that the program is bypassing all my blacklists.  I am having mail routed from the firewall to my local machine where the program is running.  that's the 10.228 number.   tvoge@caltim.com is in the TOMAILBLOCKS.txt file for blocking and yet it's getting passed to the mail server where it will bounce.  10.228.215.210:25 is the mail server behind the firewall.  This all started after I installed the latest eval.  I went and reverted to the previous version and the same thing is happening.

Anyone have any ideas as to what might be a miss?

05/25/06 19:24:38:248 -- (5680) Connection from: 10.228.215.1  -  Originating country : N/A
05/25/06 19:24:38:264 -- (5680) Bypassed all rules for: tvoge@caltim.com from charlene074eo@earthlink.net ( Whitelisted Peer IP)
05/25/06 19:24:38:295 -- (5680) EMail from charlene074eo@earthlink.net to tvoge@caltim.com was queued. Size: 1 KB, 1024 bytes
05/25/06 19:24:38:311 -- (5680) Disconnect
05/25/06 19:24:38:326 -- (4968) Sending email from charlene074eo@earthlink.net to tvoge@caltim.com
05/25/06 19:24:38:748 -- (4968) EMail from charlene074eo@earthlink.net to tvoge@caltim.com  was forwarded to 10.228.215.210:25
05/25/06 19:24:46:654 -- Starting to process queue directory...
05/25/06 19:24:46:686 -- (4948) Blacklist cache - starting cleanup

Back to Top
caltim View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote caltim Quote  Post ReplyReply Direct Link To This Post Posted: 25 May 2006 at 7:51pm

Here is more of the same. 

The problem seems to be the (Whitelisted Peer IP).  tvogel@attractionsusa.com It's set up for only AUTHORIZED TO EMAIL lists.  This address is NOT in the TO list.   

05/25/06 19:47:51:967 -- (4060) Connection from: 10.228.215.1  -  Originating country : N/A
05/25/06 19:47:52:014 -- (4060) Resolving 10.228.215.1 - nutcracker.caltim.com
05/25/06 19:47:52:014 -- (4060) Bypassed all rules for:
tvogel@attractionsusa.com from hotwizard2000@hotmail.com ( Whitelisted Peer IP)
05/25/06 19:47:52:045 -- (4060) EMail from
hotwizard2000@hotmail.com to tvogel@attractionsusa.com was queued. Size: 1 KB, 1024 bytes
05/25/06 19:47:52:076 -- (5824) Sending email from
hotwizard2000@hotmail.com to tvogel@attractionsusa.com
05/25/06 19:47:52:217 -- (4060) Disconnect
05/25/06 19:47:52:592 -- (5824) EMail from
hotwizard2000@hotmail.com to tvogel@attractionsusa.com  was forwarded to 10.228.215.210:25

Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4068
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 25 May 2006 at 8:08pm
SpamFilter needs to see the original IP of the sender's server in order to perform all the IP-based tests. You will need to configure your firewall to pass SpamFilter the IP of the remote server.
Without being able to see the real IP address, filters like the MAPS RBL servers, SPF, reverse DNS, MX tests, IP blacklists and more cannot be used.
Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
Tim View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote Tim Quote  Post ReplyReply Direct Link To This Post Posted: 25 May 2006 at 8:37pm

Originally posted by LogSat LogSat wrote:

SpamFilter needs to see the original IP of the sender's server in order to perform all the IP-based tests. You will need to configure your firewall to pass SpamFilter the IP of the remote server.
Without being able to see the real IP address, filters like the MAPS RBL servers, SPF, reverse DNS, MX tests, IP blacklists and more cannot be used.

Thanks for responding so quickly Roberto.

The weird thing is that SF has been working this way fine for the past several weeks in it's current configuration.  The trouble started when I installed the latest eval version. 

Tim

Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4068
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 25 May 2006 at 9:59pm
If you have not changed your firewall/network settings, that should indicate that SpamFilter has always seen the same IP addresses.

SpamFilter will see the IP that is reported by the Operating System, upgrading SpamFilter will not change that.

Are you 100% certain that before you were seing the real IP address of the sender, and not IPs from your internal network? If you were before, again, an upgrade would not have changed that. You should look at any possible network/firewall changes that would instead indeed cause this to happen.


Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
Tim View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote Tim Quote  Post ReplyReply Direct Link To This Post Posted: 25 May 2006 at 10:02pm

Originally posted by LogSat LogSat wrote:

If you have not changed your firewall/network settings, that should indicate that SpamFilter has always seen the same IP addresses.

SpamFilter will see the IP that is reported by the Operating System, upgrading SpamFilter will not change that.

Are you 100% certain that before you were seing the real IP address of the sender, and not IPs from your internal network? If you were before, again, an upgrade would not have changed that. You should look at any possible network/firewall changes that would instead indeed cause this to happen.


The IP it's been seeing is the internal.  I HATE that I can't use the Country Block but the firewall has it's own RBL lookups and antivirus.  But it doesn't have the country IP block which I love.  I am trying to get it all reconfigured from scratch so that SF sees it all.

Thanks again for all the help.

--tim

Back to Top
Tim View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote Tim Quote  Post ReplyReply Direct Link To This Post Posted: 25 May 2006 at 10:23pm
What about the "Whitelisted Peer IP".  Where is SF storing this information?
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4068
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 26 May 2006 at 7:16am
It's in the file you specified on the "Settings - Black / White Lists - Excluded Domains / IPs" tab in SpamFilter. But again, you will not be able to use that feature reliably as SpamFilter is not seing the real IP of th sender.

SpamFilter has *several* more IP-based filters than any firewall, so we strongly recommend that you do configure the fwall to pass the real IP to SpamFilter.
Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down



This page was generated in 0.063 seconds.